FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351364
Date:      2014-04-15
Time:      20:21:44Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
bb389137-21fb-11e1-89b4-001ec9578670asterisk -- Multiple Vulnerabilities

Asterisk project reports:

It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header.

When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.


Discovery 2011-12-08
Entry 2011-12-09
asterisk18
lt 1.8.7.2

asterisk16
lt 1.6.2.21

CVE-2011-4597
CVE-2011-4598
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://downloads.asterisk.org/pub/security/AST-2011-014.html
bb389137-21fb-11e1-89b4-001ec9578670asterisk -- Multiple Vulnerabilities

Asterisk project reports:

It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header.

When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.


Discovery 2011-12-08
Entry 2011-12-09
asterisk18
lt 1.8.7.2

asterisk16
lt 1.6.2.21

CVE-2011-4597
CVE-2011-4598
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://downloads.asterisk.org/pub/security/AST-2011-014.html
dd698b76-42f7-11e1-a1b6-14dae9ebcf89asterisk -- SRTP Video Remote Crash Vulnerability

Asterisk project reports:

An attacker attempting to negotiate a secure video stream can crash Asterisk if video support has not been enabled and the res_srtp Asterisk module is loaded.


Discovery 2012-01-15
Entry 2012-01-20
Modified 2013-06-19
asterisk18
lt 1.8.8.2

asterisk10
lt 10.0.1

http://downloads.asterisk.org/pub/security/AST-2012-001.html
dd698b76-42f7-11e1-a1b6-14dae9ebcf89asterisk -- SRTP Video Remote Crash Vulnerability

Asterisk project reports:

An attacker attempting to negotiate a secure video stream can crash Asterisk if video support has not been enabled and the res_srtp Asterisk module is loaded.


Discovery 2012-01-15
Entry 2012-01-20
Modified 2013-06-19
asterisk18
lt 1.8.8.2

asterisk10
lt 10.0.1

http://downloads.asterisk.org/pub/security/AST-2012-001.html